Cyber GRC Ideas Portal
At the moment, 4 library objects can be created from the UCF content: Controls, Area of Compliance, Requirements and Question/ Procedure. The characteristics captured at the download time do not align with the characteristics of the object when it is created from scratch. For Area of Compliance and Requirement there is no mal-alignment.
For Control, when created from UCF we capture Purpose, Type and Priority, while when creating the object manually, we also have Nature, Source, Frequency and Key control. Those 4 characteristics need to be included. At the moment, I am told, the frequency is set to Not Applicable, which is still OK, as long as there is transparency provided to the user that this is the case (documentation needs to be updated). For all characteristics we need to provide the option to be selected, explanation what would be the default value if no option is selected and a clear statement that those values would be valid for ALL objects of the same type - ideally, this should be a disclaimer on the page itself.
Similarly for Questions/Procedures – when we create those from UCF we can indicate Categories and Response type, while on the object form we have Type, Category and Manual/Automated. Same principles as outlined above for the Control should be applied.
Hi Judith - Thanks for raising this idea and it's valid use case. At the moment, given the priority for M7, all 6.x activities are on hold.